Authenticate to AD but only allow certain group

Alan DeKok aland at
Wed May 14 20:24:45 CEST 2014

Brian C. Huffman wrote:
> Are there always two levels of EAP in WPA (or WPA2) Enterprise?

  For TTLS and PEAP, yes.  They set up a TLS tunnel between the
supplicant and the server.  They then send additional data inside of the

> Where do the "outerID" credentials come from?  Is that the wireless
> station (laptop, phone, etc.) or the access point?

  It's always the supplicant (laptop, phone, etc.)

  Alan DeKok.

More information about the Freeradius-Users mailing list